Thursday, March 9, 2017

Network Security Through the Eyes of a 'Cable Guy'

News Flash! The world of the traditional cable service provider is changing...
Written by CCI Solutions Director, Drew Kempen

We all know about how consumers are consuming video via streaming; about the growth of DOCSIS and Internet services; about how the Internet of Things (IoT) is bringing massive amounts of new devices into the network; and about how almost everything we do as a consumer continues to migrate to the ‘cloud’. In short, everything is moving to ‘IP’. 

Unfortunately, growing the capacity and speed of the network isn’t the only area of concern that comes with this change. With IP, network security becomes a huge concern. Oftentimes, security of the headend-to-consumer pipeline has been overlooked in the traditional cable service provider environment. It is also not the sort of cost that many traditional service providers are used to stomaching. So how does someone who is not a security expert, or even an IP expert, wrap their heads around security? And how can you justify requesting funds to spend on security?

Why does my system need security?

There are a number of reasons operators need to begin to take security seriously. The most overt and publically familiar concern is being maliciously hacked. This is when hackers are accessing[G1]  your network or subscribers off your network to gather personal information, business data, insert malware, or hold you digitally hostage. We all hear the horror stories of companies being hacked, identity theft, computers being taken over, networks crashing, and so on.
CCI’s Security Solutions Director, Andy Erickson, points out “Ransomware has become the malware of choice for many hackers.” Ransomware is on its way to becoming a $1 billion market (Taylor, 2016).  This issue is not getting better, it is getting worse. Yet we still see many operators continuing to play Russian roulette by putting off investing in security solutions.

Second, attacks are happening all of the time. No unprotected network is safe. Every operator experiences these attacks and most don’t know they are happening at all. Imagine running a large business with hundreds of employees, products, revenue streams and costs. Now imagine the only report you get is dollars in and dollars out. Basically, you know how much money you are making. How easy would it be to hide fraud, wasted dollars, and identify critical aspects that allow you to know how each product and employee are performing? Network security today is like that. Your IP bandwidth is that business, and everything is hiding in the IP packets. It could be legitimate traffic, it could be malicious traffic, or it could be useless or DDoS generated traffic. You only see how much traffic is used. 

Examine the large DDoS attacks we have seen in the news lately about services such as Amazon, Netflix, and so on being taken down. These are not shut down by someone from Russia hacking their sites. The hackers hack entire groups of IP devices in people’s homes and program them to request access to an IP address all at one time. Take the massive outage that occurred late last year that affected the east coast of the United States. This was a DDoS attack against Dyn where the attackers used IoT devices to effect and attack (Newman, 2016). We are talking about refrigerators, watches, phones, tablets, thermostats, etc. This happens all the time and will happen with more frequency as more and more devices come online and are unprotected. 

How do I justify the cost?

Investing in security is not as unfamiliar to cable operators as many may think it is. Consider video encryption requirements and the challenges the presented for the entire industry from both a technical and financial aspect. This was to secure the content. This introduced millions of dollars of cost to operators simply to meet requirements. Today, security is different and more complex.  However, unlike the investment in encryption, these security technologies offer the opportunity for new and next-generation revenue generating services. 

For the sake of an example, let’s assume that when your traffic is at peak burst time, that 20-25% of that actually turns out to be malicious or attack oriented bursts. You provision your entire network because of peak time traffic usage. For a cable/DOCSIS operator, that is the difference between 16 and 20 DOCSIS QAM or 24 and 32 QAM. Without visibility into this traffic, huge amounts of money may be being spent to scale a network faster than it needs to be scaled. At first glance, these percentages seem high but look no further than last January’s Arbor DDoS report that clocked the largest ever DDoS attack at 500 Gbps[G2]  (Ungureanu, 2016).  Many respondents to the report saw an over 100 Gbps[G3]  attack during the year. Again, this problem isn't getting better, it is getting worse. As more and more devices come online, this percentage will inevitably rise. Now is the time to gain visibility into this and implement solutions to stop that traffic. [G4] [G5] 

Potential Monetization

There is also a value to the consumer. Next-generation firewalls provide a huge security benefit. Coming from a cable guy, using the term ‘firewall’ for this solution is very misleading. When most people think of firewall, they think of some mass marketed software that everyone has tried, yet we always seem to get viruses on our devices one way or another. Unfortunately, this has been the only layer of security most consumers have ever had. These next-gen network firewalls actually provide many of the benefits of a desktop security solution and more. Not that you would recommend not having desktop security on a computer, but Anti-Malware detection for the entire home is part of these network firewalls. It provides an additional layer of security for the entire IP stream to that home. 

Deep packet inspection is also a key feature of these network firewalls. Malicious programs and code are hidden within the IP packets. Unless you unwrap and analyze the contents of these packets, you will not be able to find the illegitimate source code. Next-generation firewalls provide this capability which helps protect your network and your subscribers. It is important to remember that as consumers information and data continue to migrate to the digital realm, it is not just data that needs to be secured, it is their life, intimate information, and identities. 

These values can translate into and additional revenue generating service to subscribers both commercial and residential. For example, let’s assume you have a 100 MB data tier. 

Option 1:
100 MBPS Class of service- Unlimited Data = $79.99/mo

Option 2:
100 MBPS Class of service- Unlimited Data= Whole home network security, firewall, malware protection, virus prevention, all-device protection = $89.99/mo

You could throw in an option 3 ‘business class’ that offers DDoS protection as well. The primary point is that you now have the capability to realize an additional revenue stream for an area of growing importance and relevance for your subscriber base. This is valuable especially considering the shrinking revenue and income generated by traditional video.

From a solution standpoint, there are many layers of security to be considered. For example, there are network-wide options that also help with the problems, such as Cisco Umbrella (OpenDNS) and Arbor DDoS detection, and mitigation solutions. 

CCI Systems CTO Matt Reath comments regarding the value of this solution; “In this case, a service provider can setup up their network and subscribers to utilize the open DNS solution so that DNS requests are scrubbed and requests protected. Arbor looks at all packets going in and out of the network and alerts and reacts to DDoS attacks. This combined with proper end-user education and in-home firewall systems creates a multi-layered approach to security.” This multi-layered approach is critical to offering a comprehensive solution for security. 

CCI’s Security Solutions Director, Andy Erickson proposes; “From a Service Provider’s perspective, security can be implemented in a phased approach:  crawl, walk, run.  Next-generation firewalls with Cisco’s Umbrella is a great starting point and can be the foundational framework for your security to build from.” In conjunction with this solution approach, CCI offers security consulting in a crawl, walk, run method. This starts with providing visibility into network attacks that are happening and security threat assessments of the current network. 


Network security should not be looked at as optional or as an ‘insurance policy’ any longer. It should be a requirement for the foundation of any long-term strategy. How many operators sink millions of dollars to make the physical layer redundant? Fiber links, line cards, switches, etc., all to increase reliability and minimize downtime. It’s time we all start understanding the preventative nature and benefits of enhanced network security solutions, as well as the asset they are to our systems and services we can offer to our subscribers.

For more information or to discuss your network’s security strategy, reach out to CCI on social media or contact us at


Taylor, H. (2016) Ransomware Spiked 6,000% in 2016 and Most Victims Paid the Hackers, IBM finds. Retrieved February 7, 2016 from
Newman, L. H. (2016) What we know about Friday’s Massive East Coast Internet Outage. Retrieved February 7, 2017 from
Ungureanu, H. (2016) Worlds Largest DDoS Attacks Breaks Records, Clocks at Massive 500 gbps. Retrieved February 7, 2017 from

No comments:

Post a Comment